Thursday, May 25, 2017

The Hacker: Know Your Enemy, Know Yourself

I wrote this as one long blog post, but felt, it might be too much, so I decided to break it into two smaller more manageable chunks.

Welcome to Part I -  The Hacker: Know your Enemy, Know Yourself   
Part II: Defense Against the Dark Arts - or - How to Outrun my Slowest Friend will be posted after this.

I have been working in the IT Industry for almost 20 years, and now I am studying Cyber Security and Information Assurance (CSIA).  I have learned a lot, most of which would bore many of you to the point of tears; suffice it to say, it has been an eye opening view into the world of cyber crime and the underworld of the World Wide Web. 

So I had an idea to create this blog post for my "non-techy" friends, who might have their own business, or manage a small to medium sized business.  Without trying to scare you too much I just want to say, "You are more vulnerable than you think, and most often you don't have very much, if any security in place."  You know this ... I know this ... And guess what?  Hackers know this.  I am not trying to sell you something, or tell you to rush out and hire security consultant, although if you want to hire me... you know where to reach me!  This is about learning what is going on in the world and finding a few simple, practical and lets say it, CHEAP, ways to better secure your information.

It was Sun Tzu that said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”  Well, we know ourselves, now let's learn a little bit about the enemy, the Hacker.

80s and 90s Hollywood Hackers

Today's Hollywood Hackers
Not the hacker that Hollywood has been portraying for many years, but the real deal.

So what is a hacker?

HACKER:

a person who uses computers to gain unauthorized access to data.
 
Sure, but we really need to look at the idea of WHO a hacker is and WHY they are doing what they are doing.

A hacker is someone who is trying to get into your computer or network without your knowledge.  The computer could be your laptop on a network at Starbucks or your desktop PC in your office, or today it could even be your DVR (Chaikivsky, 2016, para 3).  It doesn't matter what the device is, just he /she is not you and not authorized to use your computer or network.  

 

 

So, why are the hackers doing it?!?


1.) To See if They Can!  

Yep, no other reason.  It is a puzzle and they are trying to see if they can solve it.  Once they are in, they may tell you, so you can better secure your system.  Or they might not, most likely not, but they will leave most everything else alone and not bother anything.

2.) To Steal Something

Believe it or not, your have something worth stealing, even if it is just YOU.  Identity theft is a huge market on the Dark Web.  (we will get to the Dark Web some other day).  A hacker may want to steal Credit Card transactions, sensitive customer information, SSN and birth dates, or any number of other things that could be sold.  Personal Information = $$$

Another area that sometimes goes unrecognized is if you have a large client, a hacker might target you in order to steal information or gain access to the larger client.  This is exactly what happened in 2013 when millions of records were stolen from Target containing customer's data  "Access to the system came from network credentials that were stolen from an HVAC provider based in Sharpsburg, Penn" (Munoz, 2015, para 3).

3.)For a Cause

We usually call this person a Hacktivist.  They hack because they feel they are doing the world a service by doing so.  This makes them very dangerous because they believe their cause is just, and therefore don't feel the same level or remorse for doing something wrong, in fact, if you ask any of them, they would surely tell you that they "Did nothing wrong."  Often times you will hear the idea that "All information should be free."  Meaning that certain people or groups of people should not be allowed to hold secret information from others.  Like Top Secret FBI data, or information about on going NSA investigations.  The thought is that the ruling class should not be the only ones allowed to view information.  It should be "freed".  A.K.A. Hacked / Stolen and shared on WikiLeaks.

4.) For Retribution

This is cam be a disgruntled former employee, or soon to be former employee.  Like the Hacktivist this person is dangerous because, they are trying to cause as much harm as possible in retribution to something that was done or perceived done to them by a high level manager or a company in general.

- check out Part II to find out how to protect yourself. 

References
Chaikivsky, A. (2016, October 24). How to Keep Your Devices From Joining a Zombie Botnet Army - Consumer Reports. Retrieved from http://www.consumerreports.org/privacy/how-to-keep-your-devices-from-joining-a-zombie-botnet-army/
Munoz, M. (2015, September 21). Cyber Security Case Study: Target Data Breach. Retrieved from http://www.cei.com/about-cei/media-room/blog/cyber-security-targets-2013-data-breach
Sunzi, & Giles, L. (2017). The art of war.
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)