Hackers Are Everywhere!

E.J. Hilbert
Feb 7, 2018

You escape your office to enjoy the afternoon weather and head for your favorite outdoor lounging spot intending to use the free Wi-Fi available in the Square to catch up on the latest gossip site, sports page and conduct a little online shopping. To your dismay, you are not the only person sharing that thought and the place is packed. Young and old, professionals and hipsters, the place is heaving and everyone is on their computer, iPad or mobile device and connected to the web. Just as you find a place to sit, plug in and surf the web, the police come rushing in and arrest four of the patrons. All four are different — young, old, male, female, professional and casual. And all are hackers.

Nowadays, any person who uses a computer to commit a crime such as stalking, stealing personal data, launching a computer virus or reading someone else’s emails is labeled a “hacker”.

The term “hacker” was once used solely to describe individuals who could gain entry into a computer system to either alter the system or remove data from it. A hacker was technically savvy, driven by the challenge of gaining entry. Any theft was primarily to prove their exploit, a souvenir if you will. Hackers generally hack for 5 reasons:

  1. Curiosity or ‘just because’: let’s take it apart and see how it works
  2. Reputation: to prove to others they can do it
  3. To steal something of value: for profit or to build their reputation, or both
  4. To steal services: hack Company A to then hack Company B and cover their tracks
  5. It’s their job: they are paid to be a Thief, Bug Finder, Penetration Tester, Cyber Warrior or Cyber Spy

In the late 90’s, as e-commerce developed, the financially motivated “hacker” also emerged. Until then, most financial crimes required the criminal to be physically involved in the theft of money, credit cards, etc. Suddenly, they could steal money online by taking credit card data, making online purchases, scheduling deliveries and then selling the goods back online.

The financially motivated “hackers” are thieves and fraudsters committing the same crimes they have always carried out, but now the data comes from a computer rather than a filing cabinet or a desk or a purse/wallet. In many cases, the person who steals the data is not the main perpetrator running the fraud scheme. Instead, they are selling the data or are part of an organized team of criminals involved in converting the data into cash or covering their tracks.

As for “hackers” who attack corporations to obtain confidential information and cause reputational damage, be they insiders or external, the key is gaining entry. Once inside, they can do as they please. Most often the “hack” is simply compromising an account of an employee obtained by tricking that person into sharing their password. Once the access is obtained it is like giving the “hacker” a key that opens every office and filing cabinet in the building.

More appropriate terms for “hackers” might be cyber-based criminals, cyber-based spies, or even cyber-based warriors, but the term “hackers” sounds dramatic and scary, therefore all criminals who use computers are called “hackers.”

Now putting semantics aside, how do you spot and stop hackers?

Put simply, you apply the same methods as you would when spotting and stopping “ordinary” thieves.

Hackers, no matter what their motivation, need one thing to fulfill their mission. They need access to their victims’ computers and data. They get access by tricking people into providing information via various means such as sending intriguing emails to entice employees into installing password-stealing software on their computers.

Once the criminals gain access, their aim is to get what they want and get out without anyone noticing.

This last part is key. The attackers need to be able to get out with the information they are stealing. A great number of systems are focused on the validation of the person entering the system and, once access is granted, little attention is paid to what they are doing inside. Even less attention is paid to what they are taking out of the system because it is assumed they have the right to look at and take what they need. After all, they were allowed to enter the system in the first place.

Just as a company has security guards monitoring the perimeter of a building, checking IDs, logging who enters and leaves the building and watching security monitors, the same precautions should be taken for data.

Companies need to know what information they have on their systems, who has access to it, who is accessing it and for what purpose. The concepts are data visibility, access control, monitoring and data lock-down.

If Serena is logged in from her work computer and the same credentials are used to log in from an external location, a red flag should immediately appear.

If Joe Smith is uploading or downloading a large amount of data for the first time, those responsible for data security should be alerted.
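The two red flags above (Serena's credentials in use from inside and outside at the same time, and Joe Smith's first large transfer) can be written as rules over access logs. The following Python is an added example, not part of the original article; the event format, the 10.0.0.0/8 corporate range and the 500 MB threshold are assumptions, and the log entries are constructed.

```python
import ipaddress

# Assumptions for this example: the corporate range and the "large" threshold.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
LARGE_BYTES = 500 * 1024 * 1024

# Constructed sample events: (time, user, action, source IP, bytes moved).
EVENTS = [
    ("09:00", "serena", "login",    "10.1.4.22",   0),
    ("09:05", "joe",    "login",    "10.1.7.80",   0),
    ("09:30", "joe",    "transfer", "10.1.7.80",   2 * 1024 * 1024),
    ("10:15", "serena", "login",    "203.0.113.7", 0),
    ("11:00", "joe",    "transfer", "10.1.7.80",   900 * 1024 * 1024),
    ("11:30", "joe",    "transfer", "10.1.7.80",   950 * 1024 * 1024),
    ("17:00", "serena", "logout",   "10.1.4.22",   0),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in CORP_NET

def detect(events):
    """Return a list of (time, user, reason) alerts for the two rules."""
    alerts = []
    sessions = {}        # user -> set of source IPs with an open session
    seen_large = set()   # users who have already moved a large amount
    for ts, user, action, ip, nbytes in events:
        open_ips = sessions.setdefault(user, set())
        if action == "login":
            # Rule 1: same credentials active inside and outside at once.
            others = [o for o in open_ips if is_internal(o) != is_internal(ip)]
            if others:
                alerts.append((ts, user, "concurrent internal/external login"))
            open_ips.add(ip)
        elif action == "logout":
            open_ips.discard(ip)
        elif action == "transfer" and nbytes >= LARGE_BYTES:
            # Rule 2: alert only the first time this user moves this much.
            if user not in seen_large:
                alerts.append((ts, user, "first large transfer"))
                seen_large.add(user)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

An external login after the internal session has closed raises no alert, which is why the rule tracks open sessions rather than every address a user has ever logged in from.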

When an issue is discovered, an effective response plan needs to be activated to minimize the damage.

Unfortunately, “hackers” are very adept at blending into their surroundings and are therefore extremely difficult to spot. The solution to the growing problem of cyber-crime is fourfold:

  • Understand your business and what information needs to be protected.
  • Understand who has the right to access data and who is accessing the data.
  • Monitor both the comings and goings in the system.
  • Have a tested and deployable response plan.

You might also want to find a new favorite spot to use free WiFi because the police are clearly monitoring the one you were using.

E.J. Hilbert

Work in the CyberSecurity and Privacy Arena worldwide, Owner of KCECyber, Ex-FBI. All opinions posted are my own !!!