Our computer systems and networks contain quite a bit of private and often very valuable data, and we do everything within our power (and budget) to protect this data from unauthorized access. But how do you know that your security is working? How can you be sure that hackers, also called “Threat Agents,” aren’t able to bypass your security controls and access your confidential information? We can gain more confidence in our security policies and controls by changing our perspective. This requires thinking like a hacker.
Officially, this paradigm shift is referred to as a “vulnerability assessment.” Basically, look at your systems and policies from the perspective of threat agents of all types and identify weak areas that would be more susceptible to an attack. However, only finding your weaknesses isn’t enough. Thinking like a hacker also involves thinking of how the attacks are accomplished, why they are attacking, what they are looking for and who is completing the attack. This is no easy task, however, since there are many categories of attacks, many categories of attackers and many motivations for an attack.
First things first: we need to identify the hacker.
Before we can understand the attacks themselves, we need to understand who is behind the attack. Let’s start by defining the term “hacker.” Most people think of hackers as the bad guy. In reality, the term is much more neutral. A hacker is someone with the skills to bypass security controls in order to gain access to systems. This could be a good guy known as a “white hat” hacker. These individuals make it their mission to create a more secure environment either through consulting (such as with vulnerability assessments) or by providing public announcements of threats via the internet or news outlets.
Famous white hats include Brian Krebs (www.krebsonsecurity.com) and Bruce Schneier (www.schneier.com), both of whom maintain blogs on security-related topics. But when we use the term hacker, we usually aren’t thinking of these guys. The mental picture created in our minds is that of the shadowy figure who bypasses security controls with malicious intent – the “black hat” hacker.
The Five Types of Black Hat Hackers You Meet on the Internet
1. Script Kiddies
A few are adrenaline junkies who just love the art of the hack and are doing it for the notoriety of being “the guy that hacked <fill in the blank>.” Their primary concern is disruption rather than obtaining data, which is why they target popular websites and social media platforms.
These script kiddies, as the name implies, have little to no resources or funding. They’re typically unskilled and simply looking for bragging rights and quick acts of vandalism rather than data mining. Moral or social causes are rarely their motivation.
2. Hacktivists
This individual has a pet cause or a statement to make, and they want the world to know what they’ve done. The group “Anonymous” has been in the news a lot over the past few years completing hacks that demonstrate their animosity toward Western capitalism.
These hackers are predictable and are usually aiming for embarrassment or vandalism; their actions are driven by the desire to draw attention to their cause or influence individuals and businesses to change their policies or opinions to match theirs.
3. Cyber-Criminals
These hackers target individuals and organizations to gain access to data and sell it to the highest bidder. Cyber-criminals are highly skilled and financially motivated rather than looking for publicity in the manner of script kiddies and hacktivists.
These hackers are especially hard to catch because their victims are not personal. It’s business. And since they want to stay in business, they try to be stealthy and remain in the shadows to maintain their quest for Social Security numbers, credit card numbers, and other vulnerable information.
4. Organized Crime
By far, the most common type of hacker is the one participating in organized crime (a.k.a. “the Mob”). In countries like Russia, these criminal organizations earn a regular, steady income from the buying and selling of private data and intellectual property. Currently, the most prevalent tool used by these cyber-criminals is ransomware, which means locking up the systems of individuals and businesses and demanding a ransom payment to get them back.
This type of hacker is highly skilled and has access to extensive resources and funding. For obvious reasons, they want to avoid publicity and remain under the radar as much as possible.
5. Advanced Persistent Threats (APTs)
Another common type of hacker, and perhaps one of the most powerful, is the state-sponsored hacker, or Advanced Persistent Threat (APT). This is an individual or group of individuals hired by another sovereign nation to hack an opposing country to learn national secrets or otherwise undermine its ability to function as a country. Common targets for these hackers are infrastructure (power grids, utilities, public internet services) or perhaps the government networks themselves.
Some notable hacks that allegedly came from state-sponsored hacking are the Sony e-mail breach from November 2014, the breach of personnel records from the Office of Personnel Management in the U.S. Federal Government in June 2015, and the recent breach of the Democratic National Party in 2016. Having the funding and support of a large government makes this type of hacker pretty scary.
A new trend with hacking is not about the data taken as much as how we react to the hack. This type of hacking is referred to as “cyberterrorism.” Terrorist groups like Al Qaeda, ISIS and groups out of North Korea have waged war on our networks trying to scare the general public. Intelligence agencies around the world have had to deal with the way these rogue groups use technology to advance their agendas worldwide.
Although we’ve covered six types of hackers, the most dangerous kind of hacker – the insider – is right under your nose. What does an insider have that other types of hackers do not have? Simply put: access. The insider, usually an employee, contractor or business partner, will already have some kind of credentials to part of the internal private network.
This access makes it even easier for them to breach data and cause damage without having to get past security layers like firewalls and proxies. They’ve already established a presence inside the castle walls, so to speak.
It is important that enterprises and small businesses alike invest in their own knowledge and skills so they can combat these various threats. Awareness training for your employees can go a long way in reducing the threats that come from social engineering, e-mail and the web. Technical training for your IT staff, including courses related to CompTIA’s Security+, CSA+ or CASP, (ISC)² CISSP, and EC-Council’s Certified Ethical Hacker, can provide vendor-neutral training on security concepts. For specific skill enhancement, Global Knowledge also offers training on Cisco, Microsoft, IBM, cloud services and more.