When hacking turns bad

December 15, 2015 markmulready

What if I told you the Internet was built by hackers or that Facebook’s Mark Zuckerberg has been called a hacker. Would you believe me? To fully understand the hacking threat, first we should know more about the hacking mind.

The hacking mind
Although predominately associated with the online world the hacking mindset is not limited to those in the computer field. The characteristics can be equally found in the world of art or science.

Hackers are often described as someone who thinks outside the box. They discard conventional wisdom, think differently and wonder what happens if you don’t follow the rules. In themselves these characteristics are admirable.

Those in the online world live and breathe computers. They enjoy the challenge of circumventing limitations, they appreciate the skill of a good hack and they believe everything is hackable. And there are specialty hackers with expertise in cryptography or applications, for instance.

What motivates a hacker? 
For many, it is simply enjoying the intellectual challenge of solving what others believe to be unsolvable. The problem comes when the hackers use their skills for illegal or criminal activity. And there are different groups:

  • Script kiddies and Hacktivists. These different groups use similar methods and tooling. Script kiddies hack a company out of curiosity with a new tool they discovered, whereas Hacktivists have a clear reason (e.g. political) and are far more determined.
  • Cyber Terrorist. Similar to Hacktivists in their general knowledge and methods. However, they are politically motivated with the end goal to cause severe disruption or widespread fear in society.
  • Blackhats. This is when hacking turns bad. They will break into your network, infect your systems and go after your valuable data for primarily financial gain.

Let’s have a look at a website through hacker’s eyes.

Hacking_turns_bad_website_Irdeto

Beating the blackhats 
It’s not easy to fight these types of hackers. They have unlimited time, low costs, rules don’t apply to them and they only need to exploit one vulnerability to have an impact.

In contrast, the defenders have limited time and budget. They are often constrained by corporate rules and ultimate ownership to resolve the problem can be unclear. This leads to a long delay between the time the hack has been discovered to implementing any mitigation activities.

All is not lost! 
Whitehat hackers are hackers who did not joined the dark side. And they can complement the existing corporate cyber security strategy by, for instance, training relevant personnel, performing IT security assessments, undertaking cyber incident planning and response activities as well as forensic and law enforcement support.

Unfortunately, the hacking risk is only going to get bigger. Today the Internet has 15 billion devices connected and according to Gartner it is expected that by 2020 this will increase to 25 billion devices.

In my next blog, I will look at what you can do to be better prepared for a cyber-attack.

Previous Article
Balancing security and usability in the pay-media world
Balancing security and usability in the pay-media world

Let’s face it; if consumers don’t get what they want, they look elsewhere. Gone are the days of loyalty due...

Next Article
Are you causing a crack in the corporate IT’s ‘egg-shell’ security?
Are you causing a crack in the corporate IT’s ‘egg-shell’ security?

Many of us work for organizations with an established corporate IT department. IT determines the security p...